diff --git a/manifests/ldap.pp b/manifests/ldap.pp
index a57c3f04a..4dab4fb6c 100644
--- a/manifests/ldap.pp
+++ b/manifests/ldap.pp
@@ -361,6 +361,11 @@
 #   accepts latest or specific versions.
 #   Defaults to present.
 #
+# [*manage_packages*]
+#   (optional) Whether or not this module should manage
+#   LDAP support packages.
+#   Defaults to true.
+#
 # === DEPRECATED group/name
 #
 # == Dependencies
@@ -456,13 +461,16 @@ class keystone::ldap(
   $auth_pool_size                      = 100,
   $auth_pool_connection_lifetime       = 60,
   $package_ensure                      = present,
+  $manage_packages                     = true,
 ) {
 
   include ::keystone::deps
-
-  $ldap_packages = ['python-ldap', 'python-ldappool']
-  ensure_resource('package', $ldap_packages, { ensure => $package_ensure,
-    tag => 'keystone-package' })
+  
+  if $manage_packages {
+    $ldap_packages = ['python-ldap', 'python-ldappool']
+    ensure_resource('package', $ldap_packages, { ensure => $package_ensure,
+      tag => 'keystone-package' })
+  }
 
   if ($tls_cacertdir != undef) {
     file { $tls_cacertdir:
diff --git a/manifests/ldap_backend.pp b/manifests/ldap_backend.pp
index b2ee10581..bd9a7e65c 100644
--- a/manifests/ldap_backend.pp
+++ b/manifests/ldap_backend.pp
@@ -364,6 +364,11 @@
 #   accepts latest or specific versions.
 #   Defaults to present.
 #
+# [*manage_packages*]
+#   (optional) Whether or not this module should manage
+#   LDAP support packages.
+#   Defaults to true.
+#
 # === DEPRECATED group/name
 #
 # == Dependencies
@@ -450,6 +455,7 @@ define keystone::ldap_backend(
   $auth_pool_size                      = 100,
   $auth_pool_connection_lifetime       = 60,
   $package_ensure                      = present,
+  $manage_packages                     = true,
 ) {
 
   include ::keystone::deps
@@ -474,11 +480,13 @@ define keystone::ldap_backend(
 
   $domain = $name
 
-  $ldap_packages = ['python-ldap', 'python-ldappool']
-  ensure_resource('package', $ldap_packages, {
-    ensure  => $package_ensure,
-    tag => ['openstack', 'keystone-package'],
-  })
+  if $manage_packages {
+    $ldap_packages = ['python-ldap', 'python-ldappool']
+    ensure_resource('package', $ldap_packages, {
+      ensure  => $package_ensure,
+      tag => ['openstack', 'keystone-package'],
+    })
+  }
 
   if ($tls_cacertdir != undef) {
     ensure_resource('file', $tls_cacertdir, { ensure => directory })
diff --git a/releasenotes/notes/manage_ldap_packages-3b739e338f3e59c2.yaml b/releasenotes/notes/manage_ldap_packages-3b739e338f3e59c2.yaml
new file mode 100644
index 000000000..8c60624f0
--- /dev/null
+++ b/releasenotes/notes/manage_ldap_packages-3b739e338f3e59c2.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - Add the ability to manage LDAP support packages
+    or not. In some instances you may not want this
+    module installing the LDAP support packages even
+    if you are using LDAP with keystone. The default
+    behavior will be no change from before.
diff --git a/spec/classes/keystone_ldap_spec.rb b/spec/classes/keystone_ldap_spec.rb
index fccaffdc6..b03886c5c 100644
--- a/spec/classes/keystone_ldap_spec.rb
+++ b/spec/classes/keystone_ldap_spec.rb
@@ -184,4 +184,12 @@ describe 'keystone::ldap' do
     end
   end
 
+  describe 'with packages unmanaged' do
+    let :params do
+      { :manage_packages => false }
+    end
+      it { is_expected.to_not contain_package('python-ldap') }
+      it { is_expected.to_not contain_package('python-ldappool') }
+  end
+
 end